chef-server.rb Optional Settings

The chef-server.rb file contains all of the non-default configuration settings used by the Chef server. (The default settings are built into the Chef server configuration and should only be added to the chef-server.rb file to apply non-default values.) These configuration settings are processed when the chef-server-ctl reconfigure command is run, such as immediately after setting up the Chef server or after making a change to the underlying configuration settings after the server has been deployed. The chef-server.rb file is a Ruby file, which means that conditional statements can be used in the configuration file.

Note

The chef-server.rb file does not exist by default. To modify the settings for the Chef server, create a file named chef-server.rb in the /etc/opscode/ directory.

Note

This file was named private-chef.rb in previous versions of Enterprise Chef. After an upgrade to Chef server 12 from Enterprise Chef, the private-chef.rb file is symlinked to chef-server.rb. The private-chef.rb file is deprecated, starting with Chef server 12.

Settings

The following sections describe the various settings that are available in the chef-server.rb file.

Note

When changes are made to the chef-server.rb file, the Chef server must be reconfigured by running the chef-server-ctl reconfigure command.

The Chef server API used by the Open Source Chef server does not have an /organizations/ORG_NAME endpoint. Use this setting to ensure that migrated Open Source Chef servers are able to connect to the Chef server API. This value should be the same as the name of the organization that was created during the upgrade from Open Source Chef version 11 to Chef server version 12, which means it will be identical to the ORG_NAME part of the /organizations endpoint in Chef server version 12. Default value: the name of the organization specified during the upgrade process from Open Source Chef 11 to Chef server 12.

flavor

Default value: 'cs'.

install_path

The directory in which the Chef server is installed. Default value: '/opt/opscode'.

from_email

The email address from which invitations to the Chef management console are sent. Default value: '"Opscode" <donotreply@opscode.com>'.

license['nodes']

The number of licensed nodes. Default value: 25.

license['upgrade_url']

The URL to visit for more information about how to update the number of nodes licensed for an organization. Default value: 'http://www.chef.io/contact/on-premises-simple'.

notification_email

The email address to which email notifications are sent. Default value: 'pc-default@opscode.com'.

bookshelf

The bookshelf service is an Amazon Simple Storage Service (S3)-compatible service that is used to store cookbooks, including all of the files—recipes, templates, and so on—that are associated with each cookbook.

The access key identifier. (This is configurable and may be pointed at external storage locations, such as Amazon EC2. Four settings require configuration when pointing at an external cookbook storage location: bookshelf['vip'], for the endpoint used by the chef-client; bookshelf['external_url'], for the endpoint used by the Chef server; bookshelf['access_key_id'], for user access key; bookshelf['secret_access_key'], for secret key; and opscode_erchef['s3_bucket'], for the bucket name. Reconfigure the Chef server after changing these settings.) Default value: generated by default.

bookshelf['data_dir']

The directory in which on-disk data is stored. The default value is the recommended value. Default value: /var/opt/opscode/bookshelf/data.

bookshelf['dir']

The working directory. The default value is the recommended value. Default value: /var/opt/opscode/bookshelf.

bookshelf['enable']

Enable a service. Default value: true.

bookshelf['external_url']

The base URL to which the service is to return links to API resources. Use :host_header to ensure the URL is derived from the host header of the incoming HTTP request. Default value: :host_header.

bookshelf['ha']

Run the Chef server in a high availability topology. When topology is set to ha, this setting defaults to true. Default value: false.

bookshelf['listen']

The IP address on which the service is to listen. Default value: 127.0.0.1.

bookshelf['log_directory']

The directory in which log data is stored. The default value is the recommended value. Default value: /var/log/opscode/bookshelf.

bookshelf['log_rotation']

The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes. The maximum number of log files in the rotation is defined by num_to_keep. Default value:

{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }

bookshelf['port']

The port on which the service is to listen. Default value: 4321.

bookshelf['secret_access_key']

The secret key. (This is configurable and may be pointed at external storage locations, such as Amazon EC2. Four settings require configuration when pointing at an external cookbook storage location: bookshelf['vip'], for the endpoint used by the chef-client; bookshelf['external_url'], for the endpoint used by the Chef server; bookshelf['access_key_id'], for user access key; bookshelf['secret_access_key'], for secret key; and opscode_erchef['s3_bucket'], for the bucket name. Reconfigure the Chef server after changing these settings.) Default value: generated by default.

bookshelf['stream_download']

Enable stream downloading of cookbooks. This setting (when true) typically results in improved cookbook download performance, especially with the memory usage of the bookshelf service and the behavior of load balancers and proxies in-between the chef-client and the Chef server. Default value: true.

bookshelf['vip']

The virtual IP address. Default value: 127.0.0.1.

bootstrap

This configuration file has the following settings for bootstrap:

bootstrap['enable']

Indicates whether an attempt to bootstrap the Chef server is made. Generally only enabled on systems that have bootstrap enabled via a server entry. Default value: true.

The directory in which log data is stored. The default value is the recommended value. Default value: '/var/log/opscode/keepalived'.

keepalived['log_rotation']

The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes. The maximum number of log files in the rotation is defined by num_to_keep. Default value: { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }

keepalived['service_posthooks']

The directory to which Keepalived is to send POST hooks. Default value:

'{ 'rabbitmq' => '/opt/opscode/bin/wait-for-rabbit' }'

keepalived['smtp_connect_timeout']

The amount of time (in seconds) to wait for a connection to an SMTP server. Default value: '30'.

keepalived['smtp_server']

The SMTP server to which a connection is made. Default value: '127.0.0.1'.

keepalived['vrrp_instance_advert_int']

The frequency (in seconds) at which the primary VRRP server is to advertise. Default value: '1'.

keepalived['vrrp_instance_interface']

The interface over which VRRP traffic is sent. Should be set to the name of the dedicated interface for Keepalived. Default value: 'eth0'.

keepalived['vrrp_instance_ipaddress']

The virtual IP address to be managed. This is typically set by the backend_vip option. Default value: node['ipaddress'].

keepalived['vrrp_instance_ipaddress_dev']

The device to which the virtual IP address is added. Default value: 'eth0'.

keepalived['vrrp_instance_nopreempt']

Specify that a lower priority machine maintains the master role, even if a higher priority machine is available. (This setting configures the nopreempt value in VRRP.) Default value: 'true'.

keepalived['vrrp_instance_password']

The secret key for VRRP pairs. This value is generated randomly when the bootstrap server is installed and does not need to be set explicitly. Default value: 'sneakybeaky'.

keepalived['vrrp_instance_preempt_delay']

The preempt_delay value for the VRRP instance. Default value: '30'.

keepalived['vrrp_instance_priority']

The priority for this server. By default, all servers have equal priority. The server with the lowest value will have the highest priority. Default value: '100'.

keepalived['vrrp_instance_state']

The state of the VRRP server. This value should be the same for both servers in the backend. Default value: 'BACKUP'.

keepalived['vrrp_instance_virtual_router_id']

The virtual router identifier used by the Keepalived pair. This value should be unique within the multicast domain used for Keepalived. Default value: '1'.

keepalived['vrrp_sync_group']

The name of the VRRP synchronization group. Default value: 'PC_GROUP'.

keepalived['vrrp_sync_instance']

The name of the VRRP synchronization instance. Default value: 'PC_VI'.

keepalived['vrrp_unicast_bind']

The unicast cluster IP address to which Keepalived binds. To use multicast, leave this value undefined. This value is configured automatically based on settings in private-chef.rb. This setting should not be changed without first consulting a Chef support engineer. Default value: node['ipaddress'].

keepalived['vrrp_unicast_peer']

The unicast cluster IP address used by Keepalived to talk to its peer. To use multicast, leave this value undefined. This value is configured automatically based on settings in private-chef.rb. This setting should not be changed without first consulting a Chef support engineer. Default value: nil.

lb / lb_internal

This configuration file has the following settings for lb:

lb['api_fqdn']

Default value: node['fqdn'].

lb['ban_refresh_interval']

Default value: 600.

lb['bookshelf']

Default value: 127.0.0.1.

lb['cache_cookbook_files']

Default value: false.

lb['chef_max_version']

The maximum version of the chef-client that is allowed to access the Chef server via the Chef server API. Default value: 11.

lb['chef_min_version']

The minimum version of the chef-client that is allowed to access the Chef server via the Chef server API. Default value: 10.

lb['chef_server_webui']

Default value: 127.0.0.1.

lb['debug']

Default value: false.

lb['enable']

Enable a service. Default value: true.

lb['erchef']

Default value: 127.0.0.1.

lb['maint_refresh_interval']

Default value: 600.

lb['redis_connection_pool_size']

Default value: 250.

lb['redis_connection_timeout']

The amount of time (in milliseconds) to wait before timing out. Default value: 1000.

lb['redis_keepalive_timeout']

The amount of time (in milliseconds) to wait before timing out. Default value: 2000.

ldap

The root LDAP node under which all other nodes exist in the directory structure. For Active Directory, this is typically cn=users and then the domain. For example:

'OU=Employees,OU=Domain users,DC=example,DC=com'

Default value: nil.

ldap['bind_dn']

The distinguished name used to bind to the LDAP server. This is the user the Chef server uses to perform LDAP searches, and is often the administrator or manager user. This user needs to have read access to all LDAP users that require authentication. The Chef server must do an LDAP search before any user can log in. Many Active Directory and LDAP systems do not allow an anonymous bind. If anonymous bind is allowed, leave the bind_dn and bind_password settings blank. If anonymous bind is not allowed, a user with READ access to the directory is required. This user must be specified as an LDAP distinguished name similar to:

'CN=user,OU=Employees,OU=Domainuser,DC=example,DC=com'

Default value: nil.

ldap['bind_password']

The password for the binding user, that is, the user specified by ldap['bind_dn']. Leave this value and ldap['bind_dn'] unset if anonymous bind is sufficient. Default value: nil.

ldap['group_dn']

The distinguished name for a group. When set to the distinguished name of a group, only members of that group can log in. This feature filters based on the memberOf attribute and only works with LDAP servers that provide such an attribute. In OpenLDAP, the memberOf overlay provides this attribute. For example, if the value of the memberOf attribute is CN=abcxyz,OU=users,DC=company,DC=com, then use:

ldap['group_dn'] = 'CN=abcxyz,OU=users,DC=company,DC=com'

ldap['host']

The host name (or IP address) of the LDAP or Active Directory server. Be sure the Chef server is able to resolve any host names. Default value: ldap-server-host.

ldap['login_attribute']

The LDAP attribute that holds the user’s login name. Use to specify the Chef server user name for an LDAP user. Default value: sAMAccountName.

ldap['port']

An integer that specifies the port on which the LDAP server listens. The default value is an appropriate value for most configurations. Default value: 389 or 636 when ldap['encryption'] is set to :simple_tls.

ldap['ssl_enabled']

Cause the Chef server to connect to the LDAP server using SSL. Default value: false. Must be false when ldap['tls_enabled'] is true.

Note

Previous versions of the Chef server used the ldap['ssl_enabled'] setting to first enable SSL, and then the ldap['encryption'] setting to specify the encryption type. These settings are deprecated.

ldap['system_adjective']

A descriptive name for the login system that is displayed to users in the Chef server management console. If a value like “corporate” is used, then the Chef management console user interface will display strings like “the corporate login server”, “corporate login”, or “corporate password.” Default value: AD/LDAP.

Warning

This setting is not used by the Chef server. It is used only by the Chef management console.

ldap['timeout']

The amount of time (in seconds) to wait before timing out. Default value: 60000.

ldap['tls_enabled']

Enable TLS. When enabled, communication with the LDAP server is done via a secure SSL connection on a dedicated port. When true, ldap['port'] is also set to 636. Default value: false. Must be false when ldap['ssl_enabled'] is true.

Note

Previous versions of the Chef server used the ldap['ssl_enabled'] setting to first enable SSL, and then the ldap['encryption'] setting to specify the encryption type. These settings are deprecated.

nginx

This configuration file has the following settings for nginx:

nginx['cache_max_size']

The max_size parameter used by the Nginx cache manager, which is part of the proxy_cache_path directive. When the size of file storage exceeds this value, the Nginx cache manager removes the least recently used data. Default value: 5000m.

nginx['client_max_body_size']

The maximum accepted body size for a client request, as indicated by the Content-Length request header. When the maximum accepted body size is greater than this value, a 413 Request Entity Too Large error is returned. Default value: 250m.

nginx['dir']

The working directory. The default value is the recommended value. Default value: /var/opt/opscode/nginx.

Run the Chef server in a high availability topology. When topology is set to ha, this setting defaults to true. Default value: false.

nginx['keepalive_timeout']

The amount of time (in seconds) to wait for requests on a Keepalived connection. Default value: 65.

nginx['log_directory']

The directory in which log data is stored. The default value is the recommended value. Default value: /var/log/opscode/nginx.

nginx['log_rotation']

The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes. The maximum number of log files in the rotation is defined by num_to_keep. Default value: { 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }

nginx['non_ssl_port']

The port on which the WebUI and API are bound for non-SSL connections. Default value: 80. Use nginx['enable_non_ssl'] to enable or disable SSL redirects on this port number. Set to false to disable non-SSL connections.

The SSL certificate used to verify communication over HTTPS. Default value: nil.

nginx['ssl_certificate_key']

The certificate key used for SSL communication. Default value: nil.

nginx['ssl_ciphers']

The list of supported cipher suites that are used to establish a secure connection. To favor AES256 with ECDHE forward security, drop the RC4-SHA:RC4-MD5:RC4:RSA prefix. See this link for more information. For example:

The organization or group within your company that is running the Chef server. Default value: Operations.

nginx['ssl_port']

Default value: 443.

nginx['ssl_protocols']

The SSL protocol versions that are enabled. For the highest possible security, disable SSL 3.0 and allow only TLS:

nginx['ssl_protocols'] = 'TLSv1 TLSv1.1 TLSv1.2'

Default value: TLSv1 TLSv1.1 TLSv1.2.

nginx['ssl_state_name']

The state, province, or region in which your company is located. Default value: WA.

nginx['stub_status']['allow_list']

The IP address on which accessing the stub_status endpoint is allowed. Default value: ["127.0.0.1"].

nginx['stub_status']['listen_host']

The host on which the Nginx stub_status module listens. Default value: "127.0.0.1".

nginx['stub_status']['listen_port']

The port on which the Nginx stub_status module listens. Default value: "9999".

nginx['stub_status']['location']

The name of the Nginx stub_status endpoint used to access data generated by the Nginx stub_status module. Default value: "/nginx_status".

nginx['tcp_nodelay']

Enable the Nagle buffering algorithm. Default value: on.

nginx['tcp_nopush']

Enable TCP/IP transactions. Default value: on.

nginx['url']

Default value: https://#{node['fqdn']}.

nginx['worker_connections']

The maximum number of simultaneous clients. Use with nginx['worker_processes'] to determine the maximum number of allowed clients. Default value: 10240.

nginx['worker_processes']

The number of allowed worker processes. Use with nginx['worker_connections'] to determine the maximum number of allowed clients. Default value: node['cpu']['total'].to_i.

nginx['x_forwarded_proto']

The protocol used to connect to the server. Possible values: http and https. This is the protocol used to connect to the Chef server by a chef-client or a workstation. Default value: 'https'.

oc_bifrost

The oc_bifrost service ensures that every request to view or manage objects stored on the Chef server is authorized.

This configuration file has the following settings for oc_bifrost:

oc_bifrost['db_pool_size']

The number of open connections to PostgreSQL that are maintained by the service. This value should be increased if failures indicate that the oc_bifrost service ran out of connections. This value should be tuned in conjunction with the postgresql['max_connections'] setting for PostgreSQL. Default value: 20.

oc_bifrost['dir']

The working directory. The default value is the recommended value. Default value: /var/opt/opscode/oc_bifrost.

oc_bifrost['enable']

Enable a service. Default value: true.

oc_bifrost['extended_perf_log']

Default value: true.

oc_bifrost['ha']

Run the Chef server in a high availability topology. When topology is set to ha, this setting defaults to true.

oc_bifrost['listen']

The IP address on which the service is to listen. Default value: '127.0.0.1'.

oc_bifrost['log_directory']

The directory in which log data is stored. The default value is the recommended value. Default value: /var/log/opscode/oc_bifrost.

oc_bifrost['log_rotation']

The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes. The maximum number of log files in the rotation is defined by num_to_keep. Default value:

{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }

oc_bifrost['port']

The port on which the service is to listen. Default value: 9463.

oc_bifrost['sql_password']

The password for the sql_user. Default value: 'challengeaccepted'.

oc_bifrost['sql_ro_password']

The password for the sql_ro_user. Default value: 'foreveralone'.

oc_bifrost['sql_ro_user']

Default value: 'bifrost_ro'.

oc_bifrost['sql_user']

The user with permission to publish data. Default value: 'bifrost'.

oc_bifrost['superuser_id']

Default value: '5ca1ab1ef005ba111abe11eddecafbad'.

oc_bifrost['vip']

The virtual IP address. Default value: '127.0.0.1'.

oc_chef_authz

The opscode-authz service is used to handle authorization requests to the Chef server.

This configuration file has the following settings for oc_chef_authz:

oc_chef_authz['http_cull_interval']

Default value: '{1, min}'.

oc_chef_authz['http_init_count']

Default value: 25.

oc_chef_authz['http_max_age']

Default value: '{70, sec}'.

oc_chef_authz['http_max_connection_duration']

Default value: '{70, sec}'.

oc_chef_authz['http_max_count']

Default value: 100.

oc_chef_authz['ibrowse_options']

The amount of time (in milliseconds) to wait for a connection to be established. Default value: '[{connect_timeout, 5000}]'.

oc-chef-pedant

This configuration file has the following settings for oc-chef-pedant:

oc_chef_pedant['debug_org_creation']

Run tests with full output. Default value: false.

oc_chef_pedant['dir']

The working directory. The default value is the recommended value. Default value:

'/var/opt/opscode/oc-chef-pedant'

oc_chef_pedant['log_directory']

The directory in which log data is stored. The default value is the recommended value. Default value:

'/var/log/opscode/oc-chef-pedant'

oc_chef_pedant['log_http_requests']

Log HTTP requests in a file named http-traffic.log that is located in the path specified by log_directory. Default value: true.

oc_chef_pedant['log_rotation']

The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes. The maximum number of log files in the rotation is defined by num_to_keep. Default value:

{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }

oc-id

The oc-id service enables OAuth 2.0 authentication to the Chef server by external applications, including Chef Supermarket and Chef Analytics. OAuth 2.0 uses token-based authentication, where external applications use tokens that are issued by the oc-id provider. No special credentials—webui_priv.pem or privileged keys—are stored on the external application.

This configuration file has the following settings for oc-id:

oc_id['administrators']

An array of Chef server user names who may add applications to the identity service. For example, ['user1', 'user2']. Default value: [ ].

The number of open connections to PostgreSQL that are maintained by the service. Default value: '20'.

oc_id['dir']

The working directory. The default value is the recommended value. Default value: none.

oc_id['enable']

Enable a service. Default value: true.

oc_id['ha']

Run the Chef server in a high availability topology. When topology is set to ha, this setting defaults to true. Default value: false.

oc_id['log_directory']

The directory in which log data is stored. The default value is the recommended value. Default value: '/var/opt/opscode/oc_id'.

oc_id['log_rotation']

The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes. The maximum number of log files in the rotation is defined by num_to_keep. Default value:

{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }

oc_id['num_to_keep']

The number of log files to keep. Default value: 10.

oc_id['port']

The port on which the service is to listen. Default value: 9090.

oc_id['sql_database']

The name of the database. Default value: oc_id.

oc_id['sql_password']

The password for the sql_user. Default value: snakepliskin.

oc_id['sql_user']

The user with permission to write to sql_database. Default value: oc_id.

oc_id['vip']

The virtual IP address. Default value: '127.0.0.1'.
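
Several settings described above carry security weight: the default secrets printed for keepalived, oc_bifrost and oc_id, the mutually exclusive ldap['ssl_enabled'] and ldap['tls_enabled'] settings, and nginx['ssl_protocols']. The following Ruby script is an added example, not part of the Chef documentation or Chef's own code, that evaluates a chef-server.rb as Ruby and reports those values. ConfigRecorder, load_settings, lookup, audit_chef_server_rb and SAMPLE_RB are hypothetical names, and the sample configuration is constructed.

```ruby
# Added example: audit a chef-server.rb for risky values named in this reference.
# All class, method and constant names here are hypothetical.

# Secrets whose default values are printed in this reference.
DOCUMENTED_DEFAULTS = {
  %w[keepalived vrrp_instance_password] => 'sneakybeaky',
  %w[oc_bifrost sql_password]           => 'challengeaccepted',
  %w[oc_bifrost sql_ro_password]        => 'foreveralone',
  %w[oc_id sql_password]                => 'snakepliskin'
}.freeze

# Captures `section['key'] = value` and `name value` lines into nested hashes.
class ConfigRecorder
  attr_reader :settings

  def initialize
    @settings = Hash.new { |h, k| h[k] = Hash.new(&h.default_proc) }
  end

  def method_missing(name, *args)
    return @settings[name.to_s] if args.empty? # section access, e.g. ldap[...]

    @settings[name.to_s] = args.length == 1 ? args.first : args # e.g. topology 'ha'
  end

  def respond_to_missing?(_name, _include_private = false)
    true
  end
end

# The file is executed as Ruby (conditionals included), exactly as a reconfigure
# would treat it, so only feed this a chef-server.rb you already trust.
def load_settings(text)
  recorder = ConfigRecorder.new
  recorder.instance_eval(text, 'chef-server.rb')
  recorder.settings
end

# Reads a value without creating it; unset settings come back as nil.
def lookup(settings, section, key)
  sec = settings.key?(section) ? settings[section] : nil
  sec.is_a?(Hash) && sec.key?(key) ? sec[key] : nil
end

def audit_chef_server_rb(text)
  cfg = load_settings(text)
  findings = []

  DOCUMENTED_DEFAULTS.each do |(section, key), value|
    next unless lookup(cfg, section, key) == value

    findings << "#{section}['#{key}'] still has the default value printed in the documentation"
  end

  ssl = lookup(cfg, 'ldap', 'ssl_enabled') == true
  tls = lookup(cfg, 'ldap', 'tls_enabled') == true
  findings << "ldap['ssl_enabled'] and ldap['tls_enabled'] are both true" if ssl && tls
  if lookup(cfg, 'ldap', 'bind_password') && !ssl && !tls
    findings << "ldap['bind_password'] is set but neither ldap['ssl_enabled'] nor ldap['tls_enabled'] is true"
  end

  weak = lookup(cfg, 'nginx', 'ssl_protocols').to_s.split.grep(/\ASSLv/i)
  findings << "nginx['ssl_protocols'] enables #{weak.join(', ')}" unless weak.empty?
  findings
end

# Constructed sample configuration, not taken from a real deployment.
SAMPLE_RB = <<~'RB'
  legacy_clients = true
  topology 'ha'
  ldap['host'] = 'ldap.example.com'
  ldap['bind_password'] = 'constructed-placeholder'
  oc_id['sql_password'] = 'snakepliskin'
  nginx['ssl_protocols'] = legacy_clients ? 'SSLv3 TLSv1 TLSv1.2' : 'TLSv1.2'
  nginx['stub_status']['listen_host'] = '127.0.0.1'
RB

puts audit_chef_server_rb(SAMPLE_RB) if __FILE__ == $PROGRAM_NAME
```

Settings that are absent from the file are not reported, because the script sees only what chef-server.rb overrides and not the values the Chef server generates at install time.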

opscode-chef-mover

This configuration file has the following settings for opscode-chef-mover:

opscode_chef_mover['bulk_fetch_batch_size']

Default value: '5'.

opscode_chef_mover['cache_ttl']

Default value: '3600'.

opscode_chef_mover['db_pool_size']

The number of open connections to PostgreSQL that are maintained by the service. Default value: '5'.

opscode_chef_mover['data_dir']

The directory in which on-disk data is stored. The default value is the recommended value. Default value:

'/var/opt/opscode/opscode-chef-mover/data'

opscode_chef_mover['dir']

The working directory. The default value is the recommended value. Default value:

'/var/opt/opscode/opscode-chef-mover'

opscode_chef_mover['enable']

Enable a service. Default value: true.

opscode_chef_mover['ha']

Run the Chef server in a high availability topology. When topology is set to ha, this setting defaults to true. Default value: false.

opscode_chef_mover['ibrowse_max_pipeline_size']

Default value: 1.

opscode_chef_mover['ibrowse_max_sessions']

Default value: 256.

opscode_chef_mover['log_directory']

The directory in which log data is stored. The default value is the recommended value. Default value:

'/var/log/opscode/opscode-chef-mover'

opscode_chef_mover['log_rotation']

The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes. The maximum number of log files in the rotation is defined by num_to_keep. Default value:

{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }

opscode_chef_mover['max_cache_size']

Default value: '10000'.

opscode_chef_mover['solr_http_cull_interval']

Default value: '{1, min}'.

opscode_chef_mover['solr_http_init_count']

Default value: 25.

opscode_chef_mover['solr_http_max_age']

Default value: '{70, sec}'.

opscode_chef_mover['solr_http_max_connection_duration']

Default value: '{70, sec}'.

opscode_chef_mover['solr_http_max_count']

Default value: 100.

opscode_chef_mover['solr_ibrowse_options']

Default value: '[{connect_timeout, 10000}]'.

opscode_chef_mover['solr_timeout']

Default value: 30000.

opscode-erchef

The opscode-erchef service is an Erlang-based service that is used to handle Chef server API requests to the following areas within the Chef server:

Cookbooks

Data bags

Environments

Nodes

Roles

Sandboxes

Search

This configuration file has the following settings for opscode-erchef:

opscode_erchef['auth_skew']

Default value: 900.

opscode_erchef['authz_fanout']

Default value: 20.

opscode_erchef['authz_timeout']

The amount of time (in seconds) before a request to the oc_bifrost service times out. Default value: 2000.

opscode_erchef['base_resource_url']

The base URL to which the service is to return links to API resources. Use :host_header to ensure the URL is derived from the host header of the incoming HTTP request. Default value: :host_header.

opscode_erchef['bulk_fetch_batch_size']

The number of nodes that may be deserialized. Currently only applies to the /search endpoint in the Chef server API. The default value is the recommended value. Default value: 5.

opscode_erchef['cache_ttl']

Default value: 3600.

opscode_erchef['cleanup_batch_size']

Default value: 0.

opscode_erchef['couchdb_max_conn']

Default value: '100'.

opscode_erchef['db_pool_size']

The number of open connections to PostgreSQL that are maintained by the service. Default value: 20.

opscode_erchef['depsolver_timeout']

The amount of time (in milliseconds) to wait for cookbook dependency problems to be solved. Default value: '5000'.

opscode_erchef['depsolver_worker_count']

The number of Ruby processes for which cookbook dependency problems are unsolved. Use the pgrep -fl depselector command to verify the number of depsolver workers that are running. If you are seeing 503 service unavailable errors, increase this value. Default value: '5'.

opscode_erchef['dir']

The working directory. The default value is the recommended value. Default value: /var/opt/opscode/opscode-erchef.

opscode_erchef['enable']

Enable a service. Default value: true.

opscode_erchef['enable_actionlog']

Use to enable Chef actions, a premium feature of the Chef server. Default value: false.

opscode_erchef['ha']

Run the Chef server in a high availability topology. When topology is set to ha, this setting defaults to true. Default value: false.

opscode_erchef['ibrowse_max_pipeline_size']

Default value: 1.

opscode_erchef['ibrowse_max_sessions']

Default value: 256.

opscode_erchef['listen']

The IP address on which the service is to listen. Default value: 127.0.0.1.

opscode_erchef['log_directory']

The directory in which log data is stored. The default value is the recommended value. Default value: /var/log/opscode/opscode-erchef.

opscode_erchef['log_rotation']

The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes. The maximum number of log files in the rotation is defined by num_to_keep. Default value:

{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }

opscode_erchef['max_cache_size']

Default value: 10000.

opscode_erchef['max_request_size']

Default value: 1000000.

opscode_erchef['nginx_bookshelf_caching']

Whether Nginx is used to cache cookbooks. When :on, Nginx serves up the cached content instead of forwarding the request. Default value: :off.

opscode_erchef['port']

The port on which the service is to listen. Default value: 8000.

opscode_erchef['root_metric_key']

Default value: chefAPI.

opscode_erchef['s3_bucket']

The name of the Amazon Simple Storage Service (S3) bucket. (This is configurable and may be pointed at external storage locations, such as Amazon EC2. Four settings require configuration when pointing at an external cookbook storage location: bookshelf['vip'], for the endpoint used by the chef-client; bookshelf['external_url'], for the endpoint used by the Chef server; bookshelf['access_key_id'], for user access key; bookshelf['secret_access_key'], for secret key; and opscode_erchef['s3_bucket'], for the bucket name. Reconfigure the Chef server after changing these settings.) Default value: bookshelf.

opscode_erchef['s3_parallel_ops_fanout']

Default value: 20.

opscode_erchef['s3_parallel_ops_timeout']

Default value: 5000.

opscode_erchef['s3_url_expiry_window_size']

The frequency at which unique URLs are generated. This value may be a specific amount of time, for example 15m (fifteen minutes), or a percentage of the value of s3_url_ttl, for example 10%. Default value: :off.

opscode_erchef['s3_url_ttl']

The amount of time (in seconds) before connections to the server expire. If node bootstraps are timing out, increase this setting. Default value: 28800.

opscode_erchef['strict_search_result_acls']

Use to specify that search results only return objects to which an actor (user, client, etc.) has read access, as determined by ACL settings. This affects all searches. When true, the performance of the Chef management console may increase because it enables the Chef management console to skip redundant ACL checks. After this setting has been applied with chef-server-ctl reconfigure, run chef-manage-ctl reconfigure so that the Chef management console also picks up the setting. Default value: false.

Warning

When true, opscode_erchef['strict_search_result_acls'] affects all search results and any actor (user, client, etc.) that does not have read access to a search result will not be able to view it. For example, this could affect search results returned during chef-client runs if a chef-client does not have permission to read the information.

opscode_erchef['udp_socket_pool_size']

Default value: 20.

opscode_erchef['umask']

Default value: 0022.

opscode_erchef['validation_client_name']

Default value: chef-validator.

opscode_erchef['vip']

The virtual IP address. Default value: 127.0.0.1.

opscode-expander

The opscode-expander service is used to process data (pulled from the rabbitmq service’s message queue) so that it can be properly indexed by the opscode-solr4 service.

This configuration file has the following settings for opscode-expander:

opscode_expander['consumer_id']

The identity of the consumer to which messages are published. Default value: default.

opscode_expander['dir']

The working directory. The default value is the recommended value. Default value:

/var/opt/opscode/opscode-expander

opscode_expander['enable']

Enable a service. Default value: true.

opscode_expander['ha']

Run the Chef server in a high availability topology. When topology is set to ha, this setting defaults to true. Default value: false.

opscode_expander['log_directory']

The directory in which log data is stored. The default value is the recommended value. Default value:

/var/log/opscode/opscode-expander

opscode_expander['log_rotation']

The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes. The maximum number of log files in the rotation is defined by num_to_keep. Default value:

{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }

opscode_expander['nodes']

The number of allowed worker processes. Default value: 2.

opscode_expander['reindexer_log_directory']

The directory in which opscode-expander-reindexer log files are located. Default value:

/var/log/opscode/opscode-expander-reindexer

opscode-solr4

The opscode-solr4 service is used to create the search indexes used for searching objects like nodes, data bags, and cookbooks. (This service ensures timely search results via the Chef server API; data that is used by the Chef platform is stored in PostgreSQL.)

This configuration file has the following settings for opscode-solr4:

opscode_solr4['auto_soft_commit']

The maximum number of documents before a soft commit is triggered. Default value: 1000.

opscode_solr4['commit_interval']

The frequency (in seconds) at which node objects are added to the Apache Solr search index. This value should be tuned carefully. When data is committed to the Apache Solr index, all incoming updates are blocked. If the duration between updates is too short, updates may be requested faster than objects can actually be committed. Default value: 60000 (every 60 seconds).

opscode_solr4['data_dir']

The directory in which on-disk data is stored. The default value is the recommended value. Default value:

/var/opt/opscode/opscode-solr4/data

opscode_solr4['dir']

The working directory. The default value is the recommended value. Default value:

/var/opt/opscode/opscode-solr4

opscode_solr4['enable']

Enable a service. Default value: true.

opscode_solr4['ha']

Run the Chef server in a high availability topology. When topology is set to ha, this setting defaults to true. Default value: false.

opscode_solr4['heap_size']

The amount of memory (in MBs) available to Apache Solr. If there is not enough memory available, search queries made by nodes to Apache Solr may fail. The amount of memory that must be available also depends on the number of nodes in the organization, the frequency of search queries, and other characteristics that are unique to each organization. In general, as the number of nodes increases, so does the amount of memory. The default value should work for many organizations with fewer than 25 nodes. For an organization with several hundred nodes, the amount of memory that is required often exceeds 3GB. Default value: nil, which is equivalent to 25% of the system memory or 1024 (MB, but this setting is specified as an integer number of MB in EC11), whichever is smaller.

opscode_solr4['ip_address']

The IP address for the machine on which Apache Solr is running. Default value: 127.0.0.1.

opscode_solr4['java_opts']

A Hash of JAVA_OPTS environment variables to be set. (-XX:NewSize is configured using the new_size setting.) Default value: ' ' (empty).

opscode_solr4['log_directory']

The directory in which log data is stored. The default value is the recommended value. Default value:

/var/log/opscode/opscode-solr4

opscode_solr4['log_rotation']

The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes. The maximum number of log files in the rotation is defined by num_to_keep. Default value:

{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }

opscode_solr4['max_commit_docs']

The frequency (in documents) at which node objects are added to the Apache Solr search index. This value should be tuned carefully. When data is committed to the Apache Solr index, all incoming updates are blocked. If the duration between updates is too short, updates may be requested faster than objects can actually be committed. Default value: 1000 (every 1000 documents).

opscode_solr4['max_field_length']

The maximum field length (in number of tokens/terms). If a field length exceeds this value, Apache Solr may not be able to complete building the index. Default value: 100000 (increased from the Apache Solr default value of 10000).

opscode_solr4['max_merge_docs']

The maximum number of index segments allowed before they are merged into a single index. Default value: 2147483647.

opscode_solr4['merge_factor']

The maximum number of document updates that can be stored in memory before being flushed and added to the current index segment. Default value: 15.

postgresql

The postgresql service is used to store node, object, and user data.

This configuration file has the following settings for postgresql:

postgresql['checkpoint_completion_target']

A completion percentage that is used to determine how quickly a checkpoint should finish in relation to the completion status of the next checkpoint. For example, if the value is 0.5, then a checkpoint attempts to finish before 50% of the next checkpoint is done. Default value: 0.5.

postgresql['db_superuser']

Required when postgresql['external'] is set to true. The PostgreSQL user name. This user must be granted either the CREATE ROLE and CREATE DATABASE permissions in PostgreSQL or be granted SUPERUSER permission. This user must also have an entry in the host-based authentication configuration file used by PostgreSQL (traditionally named pg_hba.conf). Default value: 'superuser_userid'.

postgresql['db_superuser_password']

Required when postgresql['external'] is set to true. The password for the user specified by postgresql['db_superuser']. Default value: 'the password'.

postgresql['dir']

The working directory. The default value is the recommended value. Default value:

The size of the disk cache that is used for data files. Default value: 50% of available RAM.

postgresql['enable']

Enable a service. Default value: true.

postgresql['external']

Required. Set to true to run PostgreSQL external to the Chef server. Must be set once only on a new installation of the Chef server before the first chef-server-ctl reconfigure command is run. If this is set after a reconfigure or set to false, any reconfigure of the Chef server will return an error. Default value: false.

postgresql['ha']

Run the Chef server in a high availability topology. When topology is set to ha, this setting defaults to true. Default value: false.

postgresql['home']

The home directory for PostgreSQL. Default value: /var/opt/opscode/postgresql.

postgresql['keepalives_count']

The maximum number of keepalive probes that should be sent before dropping a connection. Default value: 2.

postgresql['keepalives_idle']

The amount of time (in seconds) a connection must remain idle before keepalive probes will resume. Default value: 60.

postgresql['keepalives_interval']

The amount of time (in seconds) between probes. Default value: 15.

postgresql['listen_address']

The connection source to which PostgreSQL is to respond. Default value: localhost.

postgresql['log_directory']

The directory in which log data is stored. The default value is the recommended value. Default value:

When to log a slow PostgreSQL query statement. Possible values: -1 (disabled, do not log any statements), 0 (log every statement), or an integer greater than zero. When the integer is greater than zero, this value is the amount of time (in milliseconds) that a query statement must have run before it is logged. Default value: -1.

postgresql['log_rotation']

The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes. The maximum number of log files in the rotation is defined by num_to_keep. Default value:

{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }

postgresql['max_connections']

The maximum number of allowed concurrent connections. Default value: 350.

postgresql['port']

Optional when postgresql['external'] is set to true. The port on which the service is to listen. The port used by PostgreSQL if that port is not 5432. Default value: 5432.

postgresql['shared_buffers']

The amount of memory that is dedicated to PostgreSQL for data caching. Default value:

#{(node['memory']['total'].to_i / 4) / (1024)}MB

postgresql['shell']

Default value: /bin/sh.

postgresql['shmall']

The total amount of available shared memory. Default value: 4194304.

postgresql['shmmax']

The maximum amount of shared memory. Default value: 17179869184.

postgresql['sql_password']

The password for the PostgreSQL user account. Default value: snakepliskin.

postgresql['sql_ro_password']

Default value: shmunzeltazzen.

postgresql['sql_ro_user']

Default value: opscode_chef_ro.

postgresql['sql_user']

Default value: opscode_chef.

postgresql['trust_auth_cidr_addresses']

Use for clear-text passwords. See md5_auth_cidr_addresses. Default value: '127.0.0.1/32', '::1/128'.

postgresql['user_path']

Default value:

/opt/opscode/embedded/bin:/opt/opscode/bin:$PATH

postgresql['username']

The PostgreSQL account user name. Default value: opscode-pgsql.

postgresql['version']

The (currently) hardcoded version of PostgreSQL. Default value: '9.2'.

postgresql['vip']

Required when postgresql['external'] is set to true. The virtual IP address. The host for this IP address must be online and reachable from the Chef server via the port specified by postgresql['port']. Default value: 127.0.0.1. Set this value to the IP address or hostname for the machine on which external PostgreSQL is located when postgresql['external'] is set to true.

rabbitmq

The rabbitmq service is used to provide the message queue that is used by the Chef server to get search data to Apache Solr so that it can be indexed for search. When Chef Analytics is configured, the rabbitmq service is also used to send data from the Chef server to the Chef Analytics server.

This configuration file has the following settings for rabbitmq:

rabbitmq['actions_exchange']

The name of the exchange to which Chef actions publishes actions data. Default value: 'actions'.

The maximum number of messages that can be queued before RabbitMQ automatically drops messages from the front of the queue to make room for new messages. Default value: 10000.

rabbitmq['consumer_id']

The identity of the consumer to which messages are published. Default value: 'hotsauce'.

rabbitmq['data_dir']

The directory in which on-disk data is stored. The default value is the recommended value. Default value: '/var/opt/opscode/rabbitmq/db'.

rabbitmq['dir']

The working directory. The default value is the recommended value. Default value: '/var/opt/opscode/rabbitmq'.

rabbitmq['drop_on_full_capacity']

Specify if messages will stop being sent to the RabbitMQ queue when it is at capacity. Default value: true.

rabbitmq['enable']

Enable a service. Default value: true.

rabbitmq['ha']

Run the Chef server in a high availability topology. When topology is set to ha, this setting defaults to true. Default value: false.

rabbitmq['jobs_password']

Default value: 'workcomplete'.

rabbitmq['jobs_user']

Default value: 'jobs'.

rabbitmq['jobs_vhost']

Default value: '/jobs'.

rabbitmq['log_directory']

The directory in which log data is stored. The default value is the recommended value. Default value: '/var/log/opscode/rabbitmq'.

rabbitmq['log_rotation']

The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes. The maximum number of log files in the rotation is defined by num_to_keep. Default value:

{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }

rabbitmq['management_enabled']

Specify if the rabbitmq-management plugin is enabled. Default value: true.

rabbitmq['management_password']

The rabbitmq-management plugin password. Default value: 'chefrocks'.

rabbitmq['management_port']

The rabbitmq-management plugin port. Default value: 15672.

rabbitmq['management_user']

The rabbitmq-management plugin user. Default value: 'rabbitmgmt'.

rabbitmq['node_ip_address']

The bind IP address for RabbitMQ. Default value: '127.0.0.1'.

Chef Analytics uses the same RabbitMQ service that is configured on the Chef server. When the Chef Analytics server is configured as a standalone server, the default settings for rabbitmq['node_ip_address'] and rabbitmq['vip'] must be updated; in that case, change this value to 0.0.0.0.

rabbitmq['node_port']

The port on which the service is to listen. Default value: '5672'.

rabbitmq['nodename']

The name of the node. Default value: 'rabbit@localhost'.

rabbitmq['password']

The password for the RabbitMQ user. Default value: 'chefrocks'.

rabbitmq['prevent_erchef_startup_on_full_capacity']

Specify if the Chef server will start when the monitored RabbitMQ queue is full. Default value: false.

rabbitmq['queue_at_capacity_affects_overall_status']

Specify if the _status endpoint in the Chef server API will fail if the monitored queue is at capacity. Default value: false.

rabbitmq['queue_length_monitor_enabled']

Specify if the queue length monitor is enabled. Default value: true.

rabbitmq['queue_length_monitor_millis']

The frequency (in milliseconds) at which the length of the RabbitMQ queue is checked. Default value: 30000.

rabbitmq['queue_length_monitor_timeout_millis']

The timeout (in milliseconds) at which calls to the queue length monitor will stop if the Chef server is overloaded. Default value: 5000.

rabbitmq['queue_length_monitor_queue']

The RabbitMQ queue that is observed by the queue length monitor. Default value: 'alaska'.

rabbitmq['queue_length_monitor_vhost']

The virtual host for the RabbitMQ queue that is observed by the queue length monitor. Default value: '/analytics'.

rabbitmq['rabbit_mgmt_http_cull_interval']

The maximum cull interval (in seconds) for the HTTP connection pool that is used by the rabbitmq-management plugin. Default value: 60.

rabbitmq['rabbit_mgmt_http_init_count']

The initial worker count for the HTTP connection pool that is used by the rabbitmq-management plugin. Default value: 25.

rabbitmq['rabbit_mgmt_http_max_age']

The maximum connection worker age (in seconds) for the HTTP connection pool that is used by the rabbitmq-management plugin. Default value: 70.

rabbitmq['rabbit_mgmt_http_max_connection_duration']

The maximum connection duration (in seconds) for the HTTP connection pool that is used by the rabbitmq-management plugin. Default value: 70.

rabbitmq['rabbit_mgmt_http_max_count']

The maximum worker count for the HTTP connection pool that is used by the rabbitmq-management plugin. Default value: 100.

rabbitmq['rabbit_mgmt_ibrowse_options']

An array of comma-separated key-value pairs of ibrowse options for the HTTP connection pool that is used by the rabbitmq-management plugin. Default value: '{connect_timeout, 10000}'.

rabbitmq['rabbit_mgmt_timeout']

The timeout for the HTTP connection pool that is used by the rabbitmq-management plugin. Default value: 30000.

Chef Analytics uses the same RabbitMQ service that is configured on the Chef server. When the Chef Analytics server is configured as a standalone server, the default settings for rabbitmq['node_ip_address'] and rabbitmq['vip'] must be updated; in that case, update this value to be the backend VIP address for the Chef server.

redis_lb

Key-value store used in conjunction with Nginx to route requests and populate request data used by the Chef server.

This configuration file has the following settings for redis_lb:

redis_lb['activerehashing']

Enable active rehashing. Default value: 'no'.

redis_lb['aof_rewrite_min_size']

The minimum size of the append-only file. Only files larger than this value are rewritten. Default value: '16mb'.

redis_lb['aof_rewrite_percent']

The size of the current append-only file, as compared to the base size. The append-only file is rewritten when the current file exceeds the base size by this value. Default value: '50'.

redis_lb['appendfsync']

The frequency at which the operating system writes data on-disk, instead of waiting for more data. Possible values: no (don’t fsync, let the operating system flush data), always (fsync after every write to the append-only log file), and everysec (fsync only once per second). Default value: 'always'.

redis_lb['appendonly']

Dump data asynchronously on-disk or to an append-only log file. Set to yes to dump data to an append-only log file. Default value: 'no'.

redis_lb['bind']

Bind Redis to the specified IP address. Default value: '127.0.0.1'.
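A static check for the credential and address settings on this page, as an added example that is not part of the Chef documentation: it scans a chef-server.rb for credential settings explicitly set to the values this page lists as defaults, and for address settings (loopback by default on this page) that are assigned a non-loopback value. The function names, finding labels and sample file are constructed for illustration; the scan is line-based and does not evaluate Ruby, so computed values are not seen.

```ruby
require 'ipaddr'

# Credential settings and the values this page lists as their defaults.
DOCUMENTED_DEFAULTS = {
  "postgresql['sql_password']"          => 'snakepliskin',
  "postgresql['sql_ro_password']"       => 'shmunzeltazzen',
  "postgresql['db_superuser_password']" => 'the password',
  "rabbitmq['password']"                => 'chefrocks',
  "rabbitmq['management_password']"     => 'chefrocks',
  "rabbitmq['jobs_password']"           => 'workcomplete'
}.freeze

# Address settings whose default on this page is loopback-only.
LOOPBACK_BY_DEFAULT = [
  "postgresql['listen_address']", "postgresql['trust_auth_cidr_addresses']",
  "rabbitmq['node_ip_address']", "redis_lb['bind']", "opscode_solr4['ip_address']"
].freeze

ASSIGNMENT = /\A\s*(\w+)\[['"](\w+)['"]\]\s*=\s*(.+)\z/
# Quoted literals on the right-hand side, stopping at a trailing comment.
# A '#' inside quotes is consumed as part of the literal, not as a comment.
def quoted_values(raw)
  raw.scan(/'([^']*)'|"([^"]*)"|(#)/).take_while { |t| t[2].nil? }.map { |s, d, _| s || d }
end

def loopback?(text)
  return true if text == 'localhost'
  addr = IPAddr.new(text)
  IPAddr.new('127.0.0.0/8').include?(addr) || addr == IPAddr.new('::1')
rescue IPAddr::Error
  false # unparseable values are reported rather than assumed safe
end

# Returns one hash per finding; never evaluates the file as Ruby.
def audit_chef_server_rb(text)
  findings = []
  text.each_line.with_index(1) do |line, number|
    match = ASSIGNMENT.match(line.chomp) or next
    setting = "#{match[1]}['#{match[2]}']"
    values = quoted_values(match[3])
    if DOCUMENTED_DEFAULTS.key?(setting) && values.first == DOCUMENTED_DEFAULTS[setting]
      findings << { line: number, setting: setting, issue: :documented_default_credential }
    end
    next unless LOOPBACK_BY_DEFAULT.include?(setting)
    values.reject { |v| loopback?(v) }.each do |v|
      findings << { line: number, setting: setting, issue: :non_loopback_address, value: v }
    end
  end
  findings
end

# Constructed sample, not a real deployment's file.
SAMPLE_CONFIG = <<~'CONF'
  rabbitmq['node_ip_address'] = '0.0.0.0'
  rabbitmq['password'] = 'chefrocks'   # copied from the reference
  postgresql['sql_password'] = 'c0nstructed#example'
  postgresql['trust_auth_cidr_addresses'] = ['127.0.0.1/32', '::1/128', '10.0.0.0/8']
CONF

audit_chef_server_rb(SAMPLE_CONFIG).each { |finding| puts finding }
```

A non-loopback finding is not necessarily a misconfiguration (the standalone Chef Analytics setup described above requires one); it marks a listener that needs a matching firewall rule and a non-default credential.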

redis_lb['data_dir']

The directory in which on-disk data is stored. The default value is the recommended value. Default value: '/var/opt/opscode/redis_lb/data'.

redis_lb['databases']

The number of databases. Default value: '16'.

redis_lb['dir']

The working directory. The default value is the recommended value. Default value: '/var/opt/opscode/redis_lb'.

redis_lb['enable']

Enable a service. Default value: true.

redis_lb['ha']

Run the Chef server in a high availability topology. When topology is set to ha, this setting defaults to true. Default value: false.

redis_lb['keepalive']

The amount of time (in seconds) to wait for requests on a connection. Default value: '60'.

redis_lb['log_directory']

The directory in which log data is stored. The default value is the recommended value. Default value: '/var/log/opscode/redis_lb'.

redis_lb['log_rotation']

The log rotation policy for this service. Log files are rotated when they exceed file_maxbytes. The maximum number of log files in the rotation is defined by num_to_keep. Default value:

{ 'file_maxbytes' => 104857600, 'num_to_keep' => 10 }

redis_lb['loglevel']

The level of logging to be stored in a log file. Possible values: debug, notice, verbose, and warning. Default value: 'notice'.